BACKGROUND OF THE INVENTION

The present invention relates in general to
providing computer networking services with optional
service features or resources, and, more specifically, to
redirecting traffic from a user in response to authorized
services accessible to the user.

In a typical computer network, most types of
communication depend upon unique addresses assigned to
specific hardware components on the network. The address
of an intended recipient is included in each packet or
datagram transmitted within the network so that the
recipient can recognize and process transmissions
intended for it. A full address may include a network
address portion, a hardware or host portion, and a port
identification.

Computer network service providers operate local or
wide area networks to which their customers connect by
dial-up, digital subscriber line (DSL) service, or cable
modem, for example. The service provider's network
includes a hub or gateway that functions as a
concentrator or aggregator connected to a plurality of
remote users. The gateway routes user traffic to
destinations in the local network or to an external
network, such as the Internet. The gateway often
functions as a service selection gateway (SSG) which
allows users to connect to various subscribed, on-demand
network services. These subscription services may
include a walled garden having various content servers,
video on-demand servers, and voice services, or may
include a firewall for handling all traffic between the
user and the Internet, for example.

Network addresses, whether within a local area 
network or over interconnected networks, follow a 
specific protocol such as Internet Protocol (IP) 
addressing, which is part of the Transmission Control 
Protocol/Internet Protocol (TCP/IP) suite. When a
service selection gateway receives traffic from a user, 
it must direct that traffic according to 1) a user 
service profile that identifies the services to which the 
user has subscribed and 2) the requested service or 
destination implicit within the traffic received from the 
user. If the user is authorized to use the particular 
service, then the service selection gateway routes the 
corresponding user packets to the appropriate service by 
inserting the correct IP address for the service into the 
packets. Since any initial destination address may be 
replaced, this process is called redirection. 

Prior art service selection gateways have had to be 
configured with the IP address corresponding to each 
service or host to which user traffic is to be 
redirected. Therefore, whenever the network resources 
are changed (e.g., adding or deleting services, or 
replacing host equipment), the service selection gateway
must be manually reconfigured. This is especially
burdensome for larger networks using many
concentrators/service selection gateways accessing the
services.

SUMMARY OF THE INVENTION 

The present invention has the advantage of avoiding 
the foregoing problems of manually reconfiguring each 
service selection gateway when an IP address associated 
with a particular service or host changes. 

In one aspect of the invention, a network apparatus 
comprises a plurality of service-option resources each 
having a respective numerical network address. An 
address server stores the numerical network addresses 
together with a respective logical name corresponding to 
each numerical network address. The address server 
responds to queries by providing a numerical network 
address corresponding to a logical name contained in a 
respective query. An authorization server stores 
respective user profiles for identifying service-option
resources which each one of a plurality of users is
authorized to use. A plurality of service selection
gateways are coupled to the service-option resources, the 
address server, and the authorization server. Each 
service selection gateway 1) receives user traffic from a 
respective user directed to a nominal destination, 2) 
determines if the nominal destination should be 
redirected to a respective logical name corresponding to 
one of the service-option resources in response to a 
respective user profile, and 3) queries the address 
server for a respective numerical network address to 
redirect according to the respective logical name. 

BRIEF DESCRIPTION OF THE DRAWINGS 

Figure 1 is a block diagram showing a subscription 
services network architecture for an internet services 
provider. 

Figure 2 is a block diagram showing a service 
selection gateway in greater detail. 

Figure 3 shows specific configuration data using IP
addresses.

Figure 4 is a block diagram showing a preferred 
embodiment using logical names and an address server for 
performing redirection according to the present 
invention. 

Figure 5 shows specific configuration data of a 
preferred embodiment of the present invention using 
logical names. 

DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS 

Referring to Figure 1, a system architecture 
for a network service provider is partially shown. One 
example of a commercially available service of this type 
is the Integrated On-Demand Network (ION) operated by
Sprint Communications.



The local network of the service provider includes a 
number of hubs or gateways, including gateways 10 and 11. 
Each hub includes a concentrator or aggregator 12 and 13,
respectively, which are connected to respective groups of
remote users 14 (e.g., residential or business users).
Remote users 14 may be connected to hubs 10 and 11 via
dial-up, digital subscriber line (DSL), cable modem,
fiber optic, wireless, or a combination of these or other
methods. Each remote user communicates either
point-to-point or bridged with concentrators 12 and 13.
Concentrators 12 and 13 route the aggregated user traffic 
to other destinations in the local network or to an 
external network, such as the Internet 15. Concentrators 
12 and 13 may for example each be comprised of a Cisco 
6400 Carrier-Class Broadband Aggregator. 

Concentrators 12 and 13 each include a service 
selection gateway (SSG) which allows users to subscribe 
to various on-demand network services. These 
subscription services may include a walled garden 16 
having various content servers, video on-demand servers, 
and voice services, for example. The subscription 
services may also include a firewall 17 or another 
security resource 18 to interface all of an authorized 
user's traffic with Internet 15. Security resource 18 
can comprise a virus scanner or a content filter, for
example.

The service selection gateway works together with a 
service selection dashboard (SSD) 20 and an 
authentication, authorization, and accounting (AAA) 
server 21. SSD 20 functions as an HTTP-based portal for
a user to make optional service selections. Information 
identifying the selected services (including 
configuration and billing information) is stored by AAA 
server 21. When a user logs in and attempts access to 
subscription services, concentrators 12 and 13 consult 
AAA server 21 (e.g., via a remote authentication dial-in 
user service (RADIUS) protocol) to determine whether to 
connect the user with the desired service. A user
service profile is usually then stored in concentrator 12
or 13 to respond to subsequent service requests for as
long as the user remains connected to the network.

Concentrator 12 is shown in greater detail in Figure 
2. A routing block 25 processes all point-to-point (PPP) 
user traffic received from a user and forwards it on to 
its next authorized destination. It also demultiplexes
and forwards to the user any traffic coming from the
network destined for the user.

A memory 26 stores a user service profile for each 
user logged-on to the network. If a user is logging on 
for the first time, the new user is redirected to SSD 20. 
A memory 27 contains a default network IP address of SSD 
20 which routing block 25 uses to perform the
redirection. According to a conventional method,
concentrator 12 responds to a configuration command that
sets the contents of memory 27 to an IP address supplied
in the configuration command. When the IP address of SSD
20 changes for any reason, then a new configuration
command must be executed within concentrator 12 to update 
the IP address. 

A memory 28 contains a bound services table which 
includes the IP addresses of all the valid resources 
within the local network, including subscription services 
such as walled-garden services or firewall services and 
non-subscription services such as a pass-through router
to the Internet. Depending upon which services are shown
to be subscribed in the user service profile, routing
block 25 uses the bound service IP addresses to perform
redirections to those services. Concentrator 12 includes 
appropriate configuration commands for manually setting 
the contents of memory 28 to the desired IP addresses. 
When the IP address of any bound service changes for any 
reason, then a new configuration command must be executed 
within concentrator 12 to update the IP address. 

Figure 3 shows the configured memory contents in 
greater detail. The user services profile memory 26 
identifies each user and lists each subscription service 
for which each corresponding user has signed up. Memory 
27 contains the default network IP address in the form of
"yyy.yyy.yyy.yyy" according to the TCP/IP protocol
suite. Similarly, bound services table memory 28 stores
each identified service name paired with the IP address
of the network resource providing that service. When any
of the IP addresses are changed, the corresponding
entries in the bound services table for each
concentrator's service selection gateway must be
modified. 

The present invention circumvents the need to change 
IP addresses stored within each and every SSG by using a 
network architecture as shown in Figure 4. Routing block 
25 is connected to a memory 30 storing a default network
logical name and to a memory 31 storing a table of bound 
services logical names. Logical names are textual labels 
which can be resolved or translated into a real IP 
address. Instead of actual IP addresses, the 
concentrator's service selection gateway is configured to 
store in memory all the predetermined logical names of 
service resources to which user traffic may be 
redirected. 

In the preferred embodiment of the present 
invention, the translation is performed by an address 
server 32 which is connected to concentrator 12 and all 
the other concentrators in the local network that are 
performing SSG functions. Address server 32 stores the 
numerical IP addresses and a respective logical name 
corresponding to each IP address. Address server 32 
responds to queries by sending an IP address 
corresponding to a logical name contained in a respective 
query from a router which is in the process of 
redirecting some user traffic to a particular 
destination. By serving the IP addresses of both the 
default network location and the bound services 
locations, changes to real IP addresses of the resources 
themselves do not result in any change within any of the
SSG concentrators. All that is necessary is to update
the corresponding IP address in address server 32.

Figure 5 shows configured memory contents in 
concentrator 12 according to a preferred embodiment. A
memory 33 contains a default network logical name, such
as http://Sprint.walledgarden.com representative of the
SSD resource for the local network. A memory 34 contains
bound services logical names representative of each of
the subscription and non-subscription resources to which
an SSG will need to redirect user traffic. These logical
names may preferably be in a domain name format. Address
server 32 can thus be similar in structure to a domain
name system (DNS) server.

Figure 6 shows partial contents of a translation 
table 35 within address server 32 for associating logical
names with numerical IP addresses. 

Figure 7 is a flowchart of a preferred method of the 
invention wherein service-option resources are organized 
for network access in step 40. In step 41, a logical 
name is assigned to each service-option resource.
Preferably, each logical name is chosen to be an
intuitive name for the service being represented, e.g.,
firewalll.com for a firewall resource. Using such
intuitive names simplifies network administration and
maintenance. In step 42, IP address/logical name pairs
are stored in an address server translation table. 

Once a network has been configured, user traffic is 
received in step 43. In step 44, a check is made to 
determine if this is a new user, and if it is a new user, 
then the SSG gets an IP address for the default network 
location (i.e., the IP address of the service selection 
dashboard) and redirects the user there. The SSG may 
preferably get the IP address of the default network 
location by retrieving its logical name and performing a 
look-up of the IP address using the address server. 
After the user is redirected to the SSD, the user 
subscribes to any desired services in step 46 and then
returns to the normal flow at step 43.

If step 44 determines that it is not a new user, 
then the user service profile for the user is obtained in 
step 47. In response to 1) the nominal destination 
contained in a packet of the user traffic and 2) the 
service-options to which the user has subscribed, a
logical name is determined in step 48 for redirecting the
user traffic to the appropriate resource. For example,
if the nominal destination is a node within the Internet
and the user has subscribed to a firewall service, then
the SSG determines that the traffic should be redirected
to the logical name of http://Sprint.firel.com, for
example.

Based on the determined logical name, the address 
server is queried in step 49 for the IP address 
corresponding to the logical name. In step 50, the IP 
address is received by the SSG from the address server 
and the SSG redirects the traffic as appropriate in step 
51. 

Referring to Figure 8, one of the primary advantages 
of the present invention lies in the ease with which 
network hardware changes can be accommodated. In step 
55, service-option resources of a network are 
reconfigured, resulting in changed IP addresses of the 
resources assigned to particular services. For example, 
a content server in a walled garden may have been updated 
with a faster computer. In step 56, the IP addresses
that have changed are stored on the address server in
association with the corresponding logical names of
the services they are to provide. The SSG continues to
redirect packets to the correct IP address after the 
network modifications without requiring any changes in 
the SSG. 
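
The following Python sketch is an added example, not part of the patent text: it models the Figure 7 redirection flow and the Figure 8 address change with one address server and one SSG that stores only logical names. The class, method and service names, the "passthrough.example" name, the refusal of requests for unsubscribed services, and all IP addresses are assumptions made for illustration.

```python
# Added illustration: class, method and service names are hypothetical;
# IP addresses are constructed from documentation ranges.
import ipaddress

class AddressServer:
    """Translation table (Figure 6): logical name -> numerical IP address."""
    def __init__(self):
        self._table = {}

    def store(self, logical_name, ip):            # steps 42 and 56
        self._table[logical_name.lower()] = str(ipaddress.ip_address(ip))

    def query(self, logical_name):                # steps 49-50
        return self._table[logical_name.lower()]  # KeyError: unknown name

class ServiceSelectionGateway:
    """Holds only logical names; never a numerical address."""
    def __init__(self, address_server, default_name, bound_services):
        self.address_server = address_server
        self.default_name = default_name            # default network logical name
        self.bound_services = dict(bound_services)  # service -> logical name
        self.profiles = {}                          # user -> subscribed services

    def subscribe(self, user, services):          # step 46, done through the SSD
        self.profiles[user] = set(services)

    def redirect(self, user, nominal_dest):
        """Return the IP address user traffic is redirected to (steps 43-51)."""
        if user not in self.profiles:             # step 44: new user goes to the SSD
            return self.address_server.query(self.default_name)
        profile = self.profiles[user]             # step 47
        if nominal_dest == "internet":            # step 48: pick a logical name
            service = "firewall" if "firewall" in profile else "passthrough"
        elif nominal_dest in profile:
            service = nominal_dest
        else:  # assumption: the page does not say what happens here
            raise PermissionError(f"{user} is not subscribed to {nominal_dest}")
        return self.address_server.query(self.bound_services[service])

def build_demo():
    """Constructed network: one address server shared by one SSG."""
    server = AddressServer()
    server.store("http://Sprint.walledgarden.com", "192.0.2.10")
    server.store("http://Sprint.firel.com", "192.0.2.20")
    server.store("passthrough.example", "192.0.2.30")
    ssg = ServiceSelectionGateway(server, "http://Sprint.walledgarden.com", {
        "firewall": "http://Sprint.firel.com",
        "passthrough": "passthrough.example"})
    return server, ssg
```

Calling server.store() again for an existing logical name is the whole of step 56: the next redirect() returns the new address while the SSG's own tables stay untouched.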



